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This is in response to the appeal brief filed 28 July 2005 appealing from the Office action mailed 
21 March 2005. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is incorrect. A correct 
statement of the status of the claims is as follows: 

Claims 1-80 are pending in the application. Claims 1-24, 26-71, and 73-80 stand fully 
rejected under 35 U.S.C. 102(e) as being anticipated by Gennaro (U.S. Patent No. 6,317,834). 
Claims 25 and 72 stand finally rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gennaro in view of Huang (U.S. Patent No. 5,856,789). 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
substantially correct. The changes are as follows: new grounds of rejection exist. 

NEW GROUND(S) OF REJECTION 
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Claims 3, 5, 6, 13, 18, 19, 27, 33, 34, 37, 48, 49, 63, 64, 67, 74 were inadvertently 
omitted from the Office action mailed 21 March 2005. A concise explanation of how the claims 
are rejected using the prior art references is located is section (9). 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,317,834 GENNARO 11-2001 

5,856,789 HUANG 1-1999 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claim Rejections - 35 USC § 102 

Claims 1-24, 26-71, 73-80 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Gennaro, U.S. Patent No. 6,317,834. Referring to claims 1-4, 8-12, 14-16, 21-24, 26, 28-31, 32, 
35, 36, 39-47, 50-62, 65, 66, 68-71, 73, 75-80, Gennaro discloses a biometric authentication 
system wherein biometric information in the form of fingerprints, voice pattern, retinal pattern, 
iris scans, and signatures (Col. 1, lines 35-39) are captured along with personal information 
unique to each individual (Col. 1, lines 62-67 & Col. 2, lines 32-34), which meets the limitation 
of receiving biometric data. The biometric data is then encrypted with random data (Col. 2, lines 
1-5, 27-31), which meets the limitation of receiving a nonce, and encrypting the biometric data 
using the nonce and to transmit only encrypted biometric data and the nonce. The encrypted 
biometric information is then stored along with the random data in a biometric database (Col. 2, 
lines 45-57). The system is also capable of decrypting the biometric data (Col. 3, lines 4-19), 
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which meets the limitation of the master device decrypting the encrypted biometric data. 
Gennaro discloses the user inputting personal information as a response to random challenge 
questions (Col. 2, lines 28-34). The personal information meets the limitation of a secret. These 
responses are used in a computing environment to calculate data and would therefore be stored in 
some fashion. Since Applicant's claim requires only "to store the secret", the limitation is meet 
because non-volatile and volatile storage alike would meet this limitation. Therefore, these 
responses being received into a computing environment would require them to be at least 
temporarily stored within a memory or a cache of some variety in order for them be used within 
the computing environment. The responses can then be used to generate an encryption key and 
encrypt the biometric data (Col. 2, lines 34-47), which meets the limitation of encrypting the 
biometric data using the secret, transmitting at least an indication of the secret with the biometric 
data, and transmitting only the encrypted biometric data and the nonce. 

Referring to claims 5, 18, 33, 48, 63, Gennaro discloses that the random data and the 
responses, which act as the secret, are used to generate the encryption key that encrypts the 
biometric data (Col. 2, lines 27-47), which meets the limitation of encrypting the biometric data 
using the secret and the nonce. 

Referring to claims 6, 13, 19, 27, 34, 37, 49, 64, 67, 74, Gennaro discloses that one of the 
responses could be a telephone number (Col. 9, lines 10-12), which meets the limitation of a 
globally unique identifier that is used, along with the secret and the nonce (addressed above), to 
encrypt biometric data. 

Referring to claims 7, 20, Gennaro discloses acquiring a personal identifier (Col. 2, line 
9), which would meet the limitation of the secret comprising a GUID. 
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Referring to claims 16, 17, 35, 38, 46, 50, 61, 65, Gennaro discloses that in order to 
authenticate a biometric record the user provides the system with a personal identifier, which 
meets the limitation of a GUID or secret, and a biometric sample that corresponds to the 
biometric record that is being authenticated (Col. 4, lines 41-56). 

Claim Rejections - 35 USC § 103 

Claims 25, 72 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gennaro, 
U.S. Patent No. 6,317,834, in view of Huang, U.S. Patent No. 5,856,789. Referring to claims 25, 
72, Gennaro discloses a biometric authentication system wherein biometric information in the 
form of fingerprints, voice pattern, retinal pattern, iris scans, and signatures (Col. 1, lines 35-39) 
is captured along with personal information unique to each individual (Col. 1, lines 62-67 & Col. 
2, lines 32-34), which meets the limitation of receiving biometric data. The biometric data is then 
encrypted with random data (Col. 2, lines 1-5, 27-31), which meets the limitation of receiving a 
nonce, and encrypting the biometric data using the nonce and to transmit only encrypted 
biometric data and the nonce. The encrypted biometric information is then stored along with the 
random data in a biometric database (Col. 2, lines 45-57). The biometric information can also be 
encrypted using a key generated from password information (Col. 1, line 67 - Col. 2, line 2), 
which meets the limitation of receiving a secret, and encrypting the biometric data using only the 
secret. Gennaro does not disclose that the system utilizes a processor, north bridge, and south 
bridge. Huang discloses a computer system containing a processor, north bridge, and south 
bridge (Col. 2, lines 63-67). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to use a computer system configuration of Huang in the biometric 
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authentication system of Gennaro because Huang discloses that disclosed computer system 
configuration is state of the art (Col. 2, Hne 63). 
NEW GROUNDS OF REJECTION 

Referring to claim 3, Gennaro discloses a biometric authentication system wherein 
biometric information in the form of fingerprints, voice pattern, retinal pattern, iris scans, and 
signatures (Col. 1, lines 35-39) are captured along with personal information unique to each 
individual (Col. 1, lines 62-67 & Col. 2, lines 32-34). The biometric data is then encrypted with 
random data (Col. 2, lines 1-5, 27-31). The encrypted biometric information is then stored along 
with the random data in a biometric database (Col. 2, lines 45-57). The system is also capable of 
decrypting the biometric data (Col. 3, lines 4-19). Gennaro discloses the user inputting personal 
information as a response to random challenge questions (Col. 2, lines 28-34), which meets the 
limitation of receiving a secret. The personal information meets the limitation of a secret. These 
responses are used in a computing environment to calculate data and would therefore be stored in 
some fashion. Since Applicant's claim requires only "to store the secret", the limitation is meet 
because non-volatile and volatile storage alike would meet this limitation. Therefore, these 
responses being received into a computing environment would require them to be at least 
temporarily stored within a memory or a cache of some variety in order for them be used within 
the computing environment. The responses can then be used to generate an encryption key and 
encrypt the biometric data (Col. 2, lines 34-47), which meets the limitation of transmitting at 
least an indication of the secret with the biometric data. 

Referring to claims 5, 18, 33, 48, 63, Gennaro discloses that the random data and the 
responses, which act as the secret, are used to generate the encryption key that encrypts the 
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biometric data (Col. 2, lines 27-47), which meets the limitation of encrypting the biometric data 
using the secret and the nonce. 

Referring to claims 6, 13, 19, 27, 34, 37, 49, 64, 67, 74, Gennaro discloses that one of the 
responses could be a telephone number (Col. 9, lines 10-12), which meets the limitation of a 
globally unique identifier that is used, along with the secret and the nonce (addressed above), to 
encrypt biometric data. 

(10) Response to Argument 

Applicant's arguments filed 28 July 2005 have been fully considered but are not 
persuasive. Applicant argues that Gennaro does not disclose a nonce, which is not persuasive 
because Gennaro discloses that biometric data is encrypted with an encryption key generated 
from a random combination of answers provided by the individual during a challenge/response 
session (Col. 2, lines 27-31). After an authentication attempt a new challenge list is randomly 
generated to create the next encryption key (Col. 3, lines 15-19). This meets Applicant's 
definition of a nonce because new random challenges are generated each time, and would 
therefore be a "used a single time". Applicant pointed to page 35, lines 16-21, to define a nonce 
and the recitation states : 

"One use of the monotonic counters 435A and 435B is a source for a nonce. Each nonce 
must be different. Differences may be predictable or unpredictable. Nonces may be used to help 
prevent replay attacks. When a message is encrypted, changing even one bit changes the 
encrypted message. Any strong encryption method distributes even one-bit change extensively. 
A nonce may be used in a challenge-response method, such as described below." 
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The above-mentioned recitation of Gennaro meets Applicant's definition because new 
randomly generated challenges are generated (Col. 3, lines 15-20) and the challenges can be 
prompting the user for personal information such as a zip code, telephone number, or birth date 
(Col. 9, lines 7-11). Therefore, Gennaro's challenges are changed even one-bit and used in a 
challenge response method. 

Applicant argues that Gennaro does not disclose authenticating biometric data using a 
random number is not persuasive because Gennaro using the randomly generated key to decrypt 
a stored biometric sample and if the decryption is unsuccessful, the individual cannot be verified 
and his or her authorization status will be declared as "failed", thereby terminating the 
verification session (Col. 7, lines 31-35). Therefore, Applicant's argument that decryption is not 
the same operation as authentication is not persuasive because in the system of Gennaro, 
decryption is effectively used for authentication. 

Applicant's arguments with respect to the combination of Gennaro in view of Huang are 
identical to the previous arguments about Applicant's definition of a nonce, and have been fully 
addressed above. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 

This examiner's answer contains a new ground of rejection set forth in section (9) above. 
Accordingly, appellant must within TWO MONTHS from the date of this answer exercise one 
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of the following two options to avoid sua sponte dismissal of the appeal as to the claims subject 
to the new ground of rejection: 

(1) Reopen prosecution. Request that prosecution be reopened before the primary 
examiner by filing a reply under 37 CFR 1.111 with or without amendment, affidavit or other 
evidence. Any amendment, affidavit or other evidence must be relevant to the new grounds of 
rejection. A request that complies with 37 CFR 41 .39(b)(1) will be entered and considered. Any 
request that prosecution be reopened will be treated as a request to withdraw the appeal. 

(2) Maintain appeal. Request that the appeal be maintained by filing a reply brief as set 
forth in 37 CFR 41 .41 . Such a reply brief must address each new ground of rejection as set forth 
in 37 CFR 41.37(c)(l)(vii) and should be in compliance with the other requirements of 37 CFR 
41 .37(c). If a reply brief filed pursuant to 37 CFR 41 .39(b)(2) is accompanied by any 
amendment, affidavit or other evidence, it shall be treated as a request that prosecution be 
reopened before the primary examiner under 37 CFR 41.39(b)(1). 

Extensions of time under 37 CFR 1.136(a) are not applicable to the TWO MONTH time 
period set forth above. See 37 CFR 1.136(b) for extensions of time to reply for patent 
applications and 37 CFR 1 .550(c) for extensions of time to reply for ex parte reexamination 
proceedings. 

Respectfully submitted, 
Benjamin E. Lanier 
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A Technology Center Director or designee must personally approve the new 
ground(s) of rejection set forth in section (9) above by signing below: 



Conferees: 
Gilberto Barron 
Matthew Smithcrs 

KAMBIZZAND 
PRIMARY EXAMINER 




GILBEPTTO BARRON «->^ 
SUPERVISORY PATENT EXAMINER 
TCWNOtOGY CENTER 2100 




S DWYER. KyR^TOR 
fNOLOGY CENTER 21 00 



